[PATCH] segment: Fix dangling pointer
Mark Wielaard
mark@klomp.org
Thu Mar 28 21:04:54 GMT 2024
Hi Maks,
On Thu, Mar 28, 2024 at 11:29:22PM +0300, Maks Mishin wrote:
> Pointer 'lookup_module' which is a field of the structure 'Dwfl'
> freed at segment.c:88 is not overwritten, but it is usually overwritten
> after free.
But the very next statement is a return true; so old isn't in scope
anymore. Why would we assign NULL to it?
> Found by RASU JSC.
What or who is that?
> Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
> ---
> libdwfl/segment.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libdwfl/segment.c b/libdwfl/segment.c
> index f6a3e84e..af76f2f8 100644
> --- a/libdwfl/segment.c
> +++ b/libdwfl/segment.c
> @@ -86,6 +86,7 @@ insert (Dwfl *dwfl, size_t i, GElf_Addr start, GElf_Addr end, int segndx)
> if (unlikely (dwfl->lookup_module == NULL))
> {
> free (old);
> + old = NULL;
> return true;
> }
> }
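Review bot: The added `old = NULL;` is a dead store: the very next statement is `return true;`, after which `old` is not read again, so the assignment neither removes a dangling pointer nor changes behaviour, and an optimizing compiler will simply discard it. The pointer named in the commit message, `dwfl->lookup_module`, is already `NULL` on this path (that is the condition tested on the `if (unlikely (dwfl->lookup_module == NULL))` line), so nothing in this hunk is left dangling. Suggest dropping the change, or, if a static-analysis finding is being addressed, stating in the commit message which tool reported it and why it considers this store necessary.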
> --
> 2.30.2
>
More information about the Elfutils-devel mailing list